CVE Catalog

CVE-2026-34023

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

25th percentile - higher than 25% of all known CVEs

Summary

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages, allowing access to restricted functions in other branches.

Risk Assessment

This vulnerability may lead to unauthorized access to resources and functions in other branches, posing a significant security threat to the organization.

Recommendation

It is recommended to update the software to the latest version and implement additional authorization mechanisms to restrict access to functions only to authorized users.

Original NVD description (English source)

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS